Digital Security - as it applies to Single Touch Payroll

With the advent of STP, very sensitive and private information has the potential to be floating about through the Internet. With constant cybersecurity attacks, as well as the growing use of the Internet as the main communications channel between employer and employee, it is of utmost importance that an organisation is both aware and vigilant of its own security posture.

Security for Powerforce Software (the developer)

Powerforce, as the developer of the application, is obliged to ensure, as far as is possible within software, that security and auditability are built around the data representing employee and payroll information for its customers, so that the customer is given some assurance of in-built safeguards in the software being used.

On a purely technical level, the ATO has rather stringent requirements of payroll providers to ensure adherence to the highest levels of security, both at the personnel level and in the software itself.

Fortunately, we have guidelines in the form of standards to help focus on the major topics that need attention. These are broadly reflected in the ISO 27001 digital security guidelines.

ISO 27001 is an industry standard, set by the International Organisation for Standardisation (ISO), which specifies requirements for establishing, implementing, maintaining and continually improving an information security management system.

Powerforce has adopted a self-certification process based on the following documents as a guideline.

The implementation requirements for Powerforce are to be viewed from two points of view:

  1. Powerforce the company, like any other organisation, must ensure the integrity of its own company data, and hence the standard's guidelines apply to it directly.
  2. Powerforce the software developer is obliged to provide functionality in its products that supports its end clients in conforming to the security requirements set out in the guidelines.

Security for Powerforce Customers (the client)

The advancement of the open web into your business processes demands that companies take a new, modern and committed approach to the safety of their company data.

Powerforce (the company) clients will be the executors of the payroll functions, and need to understand their obligations to safeguard employee information from unauthorised access. Powerforce (the software) is a tool that you use to run your business, and it is not incumbent on Powerforce to enforce your security obligations as expressed in the ISO guidelines. Powerforce will, however, offer you any assistance that you may request to help you verify your obligations towards the safeguarding of your data.

In this case, unauthorised access is not only from external sources; it can also come from people internal to the organisation. The ISO guidelines broadly outline the following topic items as requirements for the successful fulfilment of those obligations. These obligations are the responsibility of the organisation and its service providers (be they internal IT or external service providers).

For clients that use external IT support on an as-needed basis

Recommendations to enhance data security over the Powerforce database